CWE-476
AllowedNULL Pointer Dereference
Abstraction: Base · Status: Stable
The product dereferences a pointer that it expects to be valid but is NULL.
6309 vulnerabilities reference this CWE, most recent first.
GHSA-P6WG-3R8F-8HP2
Vulnerability from github – Published: 2022-10-29 19:00 – Updated: 2022-11-01 19:00A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.
{
"affected": [],
"aliases": [
"CVE-2022-3755"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-29T17:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in Exiv2 and classified as problematic. This issue affects the function QuickTimeVideo::userDataDecoder of the file quicktimevideo.cpp of the component QuickTime Video Handler. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The name of the patch is 6bb956ad808590ce2321b9ddf6772974da27c4ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212495.",
"id": "GHSA-p6wg-3r8f-8hp2",
"modified": "2022-11-01T19:00:32Z",
"published": "2022-10-29T19:00:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3755"
},
{
"type": "WEB",
"url": "https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca"
},
{
"type": "WEB",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.212495"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P6XG-3Q2X-VVRW
Vulnerability from github – Published: 2025-08-13 15:30 – Updated: 2025-08-14 15:30A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
{
"affected": [],
"aliases": [
"CVE-2025-50635"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T15:15:34Z",
"severity": "HIGH"
},
"details": "A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.",
"id": "GHSA-p6xg-3q2x-vvrw",
"modified": "2025-08-14T15:30:34Z",
"published": "2025-08-13T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-50635"
},
{
"type": "WEB",
"url": "https://github.com/Chinesexilinyu/Netis-WF2780-cgitest.cgi-Vulnerability/tree/main/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P732-X236-JPQ6
Vulnerability from github – Published: 2023-03-25 00:30 – Updated: 2023-03-30 03:30A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.
{
"affected": [],
"aliases": [
"CVE-2023-1583"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-24T22:15:00Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.",
"id": "GHSA-p732-x236-jpq6",
"modified": "2023-03-30T03:30:38Z",
"published": "2023-03-25T00:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1583"
},
{
"type": "WEB",
"url": "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=02a4d923e4400a36d340ea12d8058f69ebf3a383"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=io_uring-6.3\u0026id=761efd55a0227aca3a69deacdaa112fffd44fe37"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P759-2VGJ-JPMP
Vulnerability from github – Published: 2022-01-26 00:01 – Updated: 2022-01-29 00:00A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute.
{
"affected": [],
"aliases": [
"CVE-2021-45846"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-25T14:15:00Z",
"severity": "MODERATE"
},
"details": "A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a \"type\" attribute.",
"id": "GHSA-p759-2vgj-jpmp",
"modified": "2022-01-29T00:00:55Z",
"published": "2022-01-26T00:01:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45846"
},
{
"type": "WEB",
"url": "https://github.com/slic3r/Slic3r/issues/5117"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-P776-RXGV-H888
Vulnerability from github – Published: 2024-07-29 18:30 – Updated: 2024-08-22 15:31In the Linux kernel, the following vulnerability has been resolved:
cxl/region: Avoid null pointer dereference in region lookup
cxl_dpa_to_region() looks up a region based on a memdev and DPA. It wrongly assumes an endpoint found mapping the DPA is also of a fully assembled region. When not true it leads to a null pointer dereference looking up the region name.
This appears during testing of region lookup after a failure to assemble a BIOS defined region or if the lookup raced with the assembly of the BIOS defined region.
Failure to clean up BIOS defined regions that fail assembly is an issue in itself and a fix to that problem will alleviate some of the impact. It will not alleviate the race condition so let's harden this path.
The behavior change is that the kernel oops due to a null pointer dereference is replaced with a dev_dbg() message noting that an endpoint was mapped.
Additional comments are added so that future users of this function can more clearly understand what it provides.
{
"affected": [],
"aliases": [
"CVE-2024-41084"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-07-29T16:15:03Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/region: Avoid null pointer dereference in region lookup\n\ncxl_dpa_to_region() looks up a region based on a memdev and DPA.\nIt wrongly assumes an endpoint found mapping the DPA is also of\na fully assembled region. When not true it leads to a null pointer\ndereference looking up the region name.\n\nThis appears during testing of region lookup after a failure to\nassemble a BIOS defined region or if the lookup raced with the\nassembly of the BIOS defined region.\n\nFailure to clean up BIOS defined regions that fail assembly is an\nissue in itself and a fix to that problem will alleviate some of\nthe impact. It will not alleviate the race condition so let\u0027s harden\nthis path.\n\nThe behavior change is that the kernel oops due to a null pointer\ndereference is replaced with a dev_dbg() message noting that an\nendpoint was mapped.\n\nAdditional comments are added so that future users of this function\ncan more clearly understand what it provides.",
"id": "GHSA-p776-rxgv-h888",
"modified": "2024-08-22T15:31:18Z",
"published": "2024-07-29T18:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41084"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/285f2a08841432fc3e498b1cd00cce5216cdf189"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9e099e29e925f8b31cfe53e8a786b9796f8e453"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b8a40a6dbfb0150c1081384caa9bbe28ce5d5060"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P788-V6C7-5VQG
Vulnerability from github – Published: 2023-08-21 21:31 – Updated: 2024-04-25 15:30A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.
{
"affected": [],
"aliases": [
"CVE-2023-4459"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-21T19:15:09Z",
"severity": "MODERATE"
},
"details": "A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. This issue may allow a local attacker with normal user privilege to cause a denial of service due to a missing sanity check during cleanup.",
"id": "GHSA-p788-v6c7-5vqg",
"modified": "2024-04-25T15:30:36Z",
"published": "2023-08-21T21:31:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4459"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0412"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1250"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1306"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1367"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1382"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2006"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2008"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2023-4459"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7G8-G57P-R8QX
Vulnerability from github – Published: 2025-11-07 21:31 – Updated: 2026-05-06 18:30A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.
{
"affected": [],
"aliases": [
"CVE-2025-7700"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-07T19:16:27Z",
"severity": "MODERATE"
},
"details": "A flaw was found in FFmpeg\u2019s ALS audio decoder, where it does not properly check for memory allocation failures. This can cause the application to crash when processing certain malformed audio files. While it does not lead to data theft or system control, it can be used to disrupt services and cause a denial of service.",
"id": "GHSA-p7g8-g57p-r8qx",
"modified": "2026-05-06T18:30:24Z",
"published": "2025-11-07T21:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7700"
},
{
"type": "WEB",
"url": "https://github.com/FFmpeg/FFmpeg/commit/35a6de137a39f274d5e01ed0e0e6c4f04d0aaf07"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-7700"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380420"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-P7GC-VHMF-5WJC
Vulnerability from github – Published: 2025-02-01 00:31 – Updated: 2025-02-03 21:31In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.
{
"affected": [],
"aliases": [
"CVE-2024-57435"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-31T22:15:13Z",
"severity": "MODERATE"
},
"details": "In macrozheng mall-tiny 1.0.1, an attacker can send null data through the resource creation interface resulting in a null pointer dereference occurring in all subsequent operations that require authentication, which triggers a denial-of-service attack and service restart failure.",
"id": "GHSA-p7gc-vhmf-5wjc",
"modified": "2025-02-03T21:31:49Z",
"published": "2025-02-01T00:31:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-57435"
},
{
"type": "WEB",
"url": "https://github.com/peccc/restful_vul/blob/main/mall_tiny_dos/mall_tiny_dos.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7JF-WQ44-HQQ3
Vulnerability from github – Published: 2025-07-25 18:30 – Updated: 2025-11-19 18:31In the Linux kernel, the following vulnerability has been resolved:
block: reject bs > ps block devices when THP is disabled
If THP is disabled and when a block device with logical block size > page size is present, the following null ptr deref panic happens during boot:
[ [13.2 mK AOSAN: null-ptr-deref in range [0x0000000000000000-0x0000000000K0 0 0[07] [ 13.017749] RIP: 0010:create_empty_buffers+0x3b/0x380 [ 13.025448] Call Trace: [ 13.025692] [ 13.025895] block_read_full_folio+0x610/0x780 [ 13.026379] ? __pfx_blkdev_get_block+0x10/0x10 [ 13.027008] ? __folio_batch_add_and_move+0x1fa/0x2b0 [ 13.027548] ? __pfx_blkdev_read_folio+0x10/0x10 [ 13.028080] filemap_read_folio+0x9b/0x200 [ 13.028526] ? __pfx_filemap_read_folio+0x10/0x10 [ 13.029030] ? __filemap_get_folio+0x43/0x620 [ 13.029497] do_read_cache_folio+0x155/0x3b0 [ 13.029962] ? __pfx_blkdev_read_folio+0x10/0x10 [ 13.030381] read_part_sector+0xb7/0x2a0 [ 13.030805] read_lba+0x174/0x2c0 [ 13.045348] nvme_scan_ns+0x684/0x850 [nvme_core] [ 13.045858] ? __pfx_nvme_scan_ns+0x10/0x10 [nvme_core] [ 13.046414] ? _raw_spin_unlock+0x15/0x40 [ 13.046843] ? __switch_to+0x523/0x10a0 [ 13.047253] ? kvm_clock_get_cycles+0x14/0x30 [ 13.047742] ? __pfx_nvme_scan_ns_async+0x10/0x10 [nvme_core] [ 13.048353] async_run_entry_fn+0x96/0x4f0 [ 13.048787] process_one_work+0x667/0x10a0 [ 13.049219] worker_thread+0x63c/0xf60
As large folio support depends on THP, only allow bs > ps block devices if THP is enabled.
{
"affected": [],
"aliases": [
"CVE-2025-38442"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T16:15:29Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: reject bs \u003e ps block devices when THP is disabled\n\nIf THP is disabled and when a block device with logical block size \u003e\npage size is present, the following null ptr deref panic happens during\nboot:\n\n[ [13.2 mK AOSAN: null-ptr-deref in range [0x0000000000000000-0x0000000000K0 0 0[07]\n[ 13.017749] RIP: 0010:create_empty_buffers+0x3b/0x380\n\u003csnip\u003e\n[ 13.025448] Call Trace:\n[ 13.025692] \u003cTASK\u003e\n[ 13.025895] block_read_full_folio+0x610/0x780\n[ 13.026379] ? __pfx_blkdev_get_block+0x10/0x10\n[ 13.027008] ? __folio_batch_add_and_move+0x1fa/0x2b0\n[ 13.027548] ? __pfx_blkdev_read_folio+0x10/0x10\n[ 13.028080] filemap_read_folio+0x9b/0x200\n[ 13.028526] ? __pfx_filemap_read_folio+0x10/0x10\n[ 13.029030] ? __filemap_get_folio+0x43/0x620\n[ 13.029497] do_read_cache_folio+0x155/0x3b0\n[ 13.029962] ? __pfx_blkdev_read_folio+0x10/0x10\n[ 13.030381] read_part_sector+0xb7/0x2a0\n[ 13.030805] read_lba+0x174/0x2c0\n\u003csnip\u003e\n[ 13.045348] nvme_scan_ns+0x684/0x850 [nvme_core]\n[ 13.045858] ? __pfx_nvme_scan_ns+0x10/0x10 [nvme_core]\n[ 13.046414] ? _raw_spin_unlock+0x15/0x40\n[ 13.046843] ? __switch_to+0x523/0x10a0\n[ 13.047253] ? kvm_clock_get_cycles+0x14/0x30\n[ 13.047742] ? __pfx_nvme_scan_ns_async+0x10/0x10 [nvme_core]\n[ 13.048353] async_run_entry_fn+0x96/0x4f0\n[ 13.048787] process_one_work+0x667/0x10a0\n[ 13.049219] worker_thread+0x63c/0xf60\n\nAs large folio support depends on THP, only allow bs \u003e ps block devices\nif THP is enabled.",
"id": "GHSA-p7jf-wq44-hqq3",
"modified": "2025-11-19T18:31:16Z",
"published": "2025-07-25T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-38442"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/4cdf1bdd45ac78a088773722f009883af30ad318"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/b025d81b96bfe8a62b6e3e6ac776608206ccbf6d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P7M9-59WP-JX9R
Vulnerability from github – Published: 2022-04-28 00:00 – Updated: 2022-05-07 00:01chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.
{
"affected": [],
"aliases": [
"CVE-2022-1507"
],
"database_specific": {
"cwe_ids": [
"CWE-476"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-27T17:15:00Z",
"severity": "MODERATE"
},
"details": "chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.",
"id": "GHSA-p7m9-59wp-jx9r",
"modified": "2022-05-07T00:01:00Z",
"published": "2022-04-28T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1507"
},
{
"type": "WEB",
"url": "https://github.com/hpjansson/chafa/commit/e4b777c7b7c144cd16a0ea96108267b1004fe6c9"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/104d8c5d-cac5-4baa-9ac9-291ea0bcab95"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3PLHKTQYK6AO3M5NAVM3CDVQTZZS6MCO"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIOAZPITFL2Y7Y6KHCZ4OIK7P7KWFN22"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L54UEP5S254VP5FZWGFPHLTPMFJVOGYT"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-56
For any pointers that could have been modified or provided from a function that can return NULL, check the pointer for NULL before use. When working with a multithreaded or otherwise asynchronous environment, ensure that proper locking APIs are used to lock before the check, and unlock when it has finished [REF-1484].
Mitigation
Select a programming language that is not susceptible to these issues.
Mitigation
Check the results of all functions that return a value and verify that the value is non-null before acting upon it.
Mitigation
Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.
Mitigation
Explicitly initialize all variables and other data stores, either during declaration or just before the first usage.
No CAPEC attack patterns related to this CWE.